SOC IMS: SOC-20120503-246442
Last Updated: ?,lnl201Z 4:44 PM 


SOC Incident Management System 


IMS User 
Contact: 


(b) (7)(E) 


Record 

Permissions 

Group: 


(b) (7)(E) 

Restrict Access 
To: 

Record Source: 


Contact Details 

Enter the NASA AUID or email address of the Contact, and click "Lookup Contact Details" to automatically 
retrieve the information. 


AUID: 

Email: 

Enter Contact information below if the primary contact 
is not an IMS user 


Contact Last 

Contact First 

Name: 

Name: 

Contact Role: 

Contact Office 

Phone: 

Contact E-mail: 

Contact Cell 

Phone: 

Contact AUID: 

Contact NASA 

Center: 

Contact 

Contact Room 

Building: 

Number: 

Contact Type: 



General Details 

SOC Tracking (b) (7)(E) 
Number: 


Categorization: 


(b) (7)(E) 


Date Record 
Created (UTC): 

Title: nasa hacked article prompts request from jpl 


Incident Time 
Zone: 


Brief 

Description: 


Current Status: 


http://www.zdnet.com/blog/security/mystery-group-hacks-us-military-harvard-nasa-more/11789?tag=content;siu-container 
Reference NASA Glenn Also - can you grab these files so we can see what they did? More importantly, the group put together
military documents from their hacks, and uploaded the collection to MediaFire: Part 1 (177.79MB) and Part 2 (37.37 MB).
http://www.mediafire.com/Pg2fgx29rqc5adjj http://www.mediafire.com/Pbi6a2rubgc89za2 Corbin Miller, CISSP JPL IT Security
Group Manager corbin(5)jpl.nasa.gov


(b) (7)(E) 


Assigned To: 


(b) (7)(E) 


Current Priority: 


Also Notify:
Cui: (b) (7)(E)

Ok To Close: 


Notify on Save: 


(b) (7)(E) 



US CERT Reporting 

Risk Rating: 

Information 

Impact: 

Recoverability: 

Critical Service 
or System: 

Major Incident: 


Reportable to 
Congress: 

Observed 

Activity: 


Location of 

Observed 

Activity: 

Actor 

Characterization 


Action Taken to 
Recover: 


Functional 

Impact: 

Attack Vectors: 

Classified 

Incident: 

High Value 
Assets (HVA): 


Number of 

Records 

Impacted: 

Number of 

Systems 

Impacted: 

Number of 
Users Impacted: 


Number of Files 
Impacted: 


The fields below hold the US-CERT Reporting fields that were in force from October 1, 2015 through March
31, 2017. They are included here for reporting purposes only.


Functional 
Impact old 

Recoverability 
Impact old: 


Informational 
Impacts old: 


Related Tasks 


Task ID Assigned To Due Date (UTC) Priority Status Description Resolution

No Records Found 


Related Incidents 


Select 

Relationship: 


(b) (7)(E) 


Parent Incident 


Relationship 

Description: 
SOC Tracking Number

Current Status 


No Records Found 

Child Incidents 

SOC Tracking Number 

Current Status 


No Records Found 



Sibling Incidents 



SOC Tracking Number 

Current Status 


No Records Found 

Incident Details 



(b) (7)(E) 



Time Incident 


Time Incident 

Started: 


Started (UTC): 

Time Incident 


Time Incident 

Detected: 


Detected (UTC): 

Center Affected 


Overall Impact 

by Incident: 


(reference): 

US-CERT 


Incident 

Category: 


Subcategory: 

US-CERT 


ESD Ticket #: 

Tracking 



Number: 



Resolution 


Malware 

Status: 


Family: 



Highest level of 



access gained: 


Title 


Title 


Title 


(b) (7)(E) 


Primary Method User 
used to Identify 
Incident: 


Primary Attack 
Category: 

Lost or Stolen 
NASA 

Equipment: 


Primary 

Vulnerability 

Type: 


Lost or Stolen NASA Equipment Application 

Tracking ID Cause of Loss Type of System Lost Description of Circumstances 

No Records Found 


Host Information 
NASA Hosts 

IP Address IPv6 Address Host Name 


Center/Facility 
No Records Found

External Hosts 

IP Address External IPv6 Address Host Name Position in this attack 

No Records Found 


Campaigns 

Campaign 

Name: 

Campaign 

Comment: 


Reviewed By 
TVA: 

Confirmed By 
TVA: 

Is APT: 


Indicators of Compromise 

(b) (7)(E) 


Root Cause Statement 

The Root Cause Statement can be constructed from the following fields like so: 

"SOURCES source realized CATEGORIES using METHODS exploiting CAUSES (with additional FACTORS) gaining OBJECTIVES."
See the help for the individual fields for more information about what the various values mean and their context. 
Root Cause
Sources: 

Root Cause 
Methods: 


Root Cause 
Categories: 

Root Cause 
Causes: 


Root Cause 
Factors: 


Root Cause 
Objectives: 


Reporting Organizations 


Reporting Date Reporting Local Reporting Local Reporting

(UTC) Date Time Zone Reporting Notes Reporting Number Organization 

No Records Found 


Impact of Incident 

NASA Programs, 
Projects, and/or 
Operations: 

Data (at Rest or 
Transmission): 

Cost: 


Number of 
systems 
affected by this 
incident: 


Number of 
accounts 
affected by this 
incident: 


Other Impacts: 
Overall Impact:


(b) (7)(E) 


People: 


System: 


Sophistication / 
Nature of 
Attack: 

Number of 
NASA Centers/ 
Facilities 
affected by this 
incident: 

Critical 

Infrastructure 

Impacted: 


Containment Actions 

Incident 
Containment 
System Action: 

Incident 
Containment 
Network Action: 


Recovery Actions 


Reporting 

Organization 

Contact 
Incident

Recovery 

System Action: 

Incident 

Recovery User 

Action: 


Recommendations 

Root Cause: 

Lessons 

Learned: 


Costs 

Center (Hours): 

Center (Dollars): 

NASA SOC (7)(E) 

NASA SOC 

(Hours): 

(Dollars): 

NASA NOC 

NASA NOC 

(Hours): 

(Dollars): 

Other Costs 

Other Costs 

(Hours): 

(Dollars): 


(b) (7)(E) 


Total Costs in Hours and Dollars are automatically calculated as the sum of the individual costs above. Center IR teams or managers should enter 
the Center costs, the NASA SOC Manager should enter the SOC Costs and the NOC Manager should enter the NOC costs, if any, in order to arrive 
at the Total Cost. 


Total Cost 
(Hours): 


(b) (7)(E) 


Description of 
Costs: 


System Down 
Time (Days): 


Total Cost 
(Dollars): 


(b) (7)(E) 


System Down 
Time (Hours): 


Timeline 


Date Record (b)(7)(E) 

Date Record 

Opened (UTC): 

Confirmed 


(UTC): 

Date Record 

Date Record 

Contained 

Resolved (UTC): 

(UTC): 


Date Record 


Closed (UTC): 


Time in Open: 


Time in 

Time to 

Confirmed: 

Confirm: 


(b) (7)(E) 
Time in (b) (7)(E) Time to Contain:

Contained:

Time in Time to Resolve:

Resolved:

Time in Closed: Time to Close:


Number of Days
to Resolve:


Journal Entries 


Entry 

(b) (7)(E) 


Entry Date 


IMS User 
(b) (7)(E)
Attachment(s)

Name Size Type Upload Date 

No Records Found 


History Log 
View History Log 